We still don’t know for certain who the people behind the Lapsus$ hacking group are, but some cybersecurity researchers think they have a pretty good idea.
An investigation by Bloomberg claims that Lapsus$ counts just seven members, with the mastermind behind the whole operation allegedly being a teenage boy from the UK.
The alleged ringleader is either 16 or 17 years of age, and lives with his mother “about five miles outside of Oxford University”. Bloomberg’s investigators reportedly talked to his mother over an intercom, but she did not allow direct communication with her son, and added that she knew nothing of any allegations made against him.
Members in Brazil
Other than saying that four researchers were involved in the investigation, Bloomberg did not name any names - although The Verge found that online security expert Brian Krebs had managed to link back some Lapsus$ members to certain individuals.
Another team member allegedly lives in Brazil. One of them is so skilled that researchers first thought it was a bot, and not an actual human, doing some of the work.
So far, the only things the researchers can publicly state are the aliases these people allegedly used, which include “white”, “breachbase”, “Oklaqq” and “WhiteDoxbin”. These aliases probably belong to no more than two individuals.
The Lapsus$ cybercrime group quickly rose to fame. Late last year, it attacked the endpoints of Impresa, Portugal’s biggest media conglomerate, taking down multiple websites, TV channels, AWS infrastructure, and Twitter accounts.
Later, it struck the websites of Brazil’s Ministry of Health (MoH), suspending Covid-19 vaccination efforts in the country.
Soon after that came high-profile names from the tech industry: Nvidia, Samsung, Ubisoft, Okta, and possibly even Microsoft.
The group leaked 190GB of Samsung’s internal data, containing the source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations; algorithms for all biometric unlock operations; bootloader source code for all recent Samsung devices; confidential source code from Qualcomm; source code for Samsung’s activation servers; full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services.
Law enforcement agencies have not yet made any statements regarding this investigation and no charges have been pressed just yet.
Via: Bloomberg